Merge pull request #13865 from mhyeon-lee
* gh-13865: Add user-info-authentication-method
This commit is contained in:
@@ -31,6 +31,7 @@ import org.springframework.util.StringUtils;
|
||||
* @author Madhura Bhave
|
||||
* @author Phillip Webb
|
||||
* @author Artsiom Yudovin
|
||||
* @author MyeongHyeon Lee
|
||||
*/
|
||||
@ConfigurationProperties(prefix = "spring.security.oauth2.client")
|
||||
public class OAuth2ClientProperties {
|
||||
@@ -195,6 +196,11 @@ public class OAuth2ClientProperties {
|
||||
*/
|
||||
private String userInfoUri;
|
||||
|
||||
/**
|
||||
* User info authentication method for the provider.
|
||||
*/
|
||||
private String userInfoAuthenticationMethod;
|
||||
|
||||
/**
|
||||
* Name of the attribute that will be used to extract the username from the call
|
||||
* to 'userInfoUri'.
|
||||
@@ -235,6 +241,14 @@ public class OAuth2ClientProperties {
|
||||
this.userInfoUri = userInfoUri;
|
||||
}
|
||||
|
||||
public String getUserInfoAuthenticationMethod() {
|
||||
return this.userInfoAuthenticationMethod;
|
||||
}
|
||||
|
||||
public void setUserInfoAuthenticationMethod(String userInfoAuthenticationMethod) {
|
||||
this.userInfoAuthenticationMethod = userInfoAuthenticationMethod;
|
||||
}
|
||||
|
||||
public String getUserNameAttribute() {
|
||||
return this.userNameAttribute;
|
||||
}
|
||||
|
||||
@@ -28,6 +28,7 @@ import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration.Builder;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrations;
|
||||
import org.springframework.security.oauth2.core.AuthenticationMethod;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.util.StringUtils;
|
||||
@@ -39,6 +40,7 @@ import org.springframework.util.StringUtils;
|
||||
* @author Phillip Webb
|
||||
* @author Thiago Hirata
|
||||
* @author Madhura Bhave
|
||||
* @author MyeongHyeon Lee
|
||||
* @since 2.1.0
|
||||
*/
|
||||
public final class OAuth2ClientPropertiesRegistrationAdapter {
|
||||
@@ -131,6 +133,8 @@ public final class OAuth2ClientPropertiesRegistrationAdapter {
|
||||
map.from(provider::getAuthorizationUri).to(builder::authorizationUri);
|
||||
map.from(provider::getTokenUri).to(builder::tokenUri);
|
||||
map.from(provider::getUserInfoUri).to(builder::userInfoUri);
|
||||
map.from(provider::getUserInfoAuthenticationMethod).as(AuthenticationMethod::new)
|
||||
.to(builder::userInfoAuthenticationMethod);
|
||||
map.from(provider::getJwkSetUri).to(builder::jwkSetUri);
|
||||
map.from(provider::getUserNameAttribute).to(builder::userNameAttributeName);
|
||||
return builder;
|
||||
|
||||
@@ -69,6 +69,7 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
|
||||
provider.setAuthorizationUri("http://example.com/auth");
|
||||
provider.setTokenUri("http://example.com/token");
|
||||
provider.setUserInfoUri("http://example.com/info");
|
||||
provider.setUserInfoAuthenticationMethod("form");
|
||||
provider.setUserNameAttribute("sub");
|
||||
provider.setJwkSetUri("http://example.com/jwk");
|
||||
Registration registration = new Registration();
|
||||
@@ -91,6 +92,9 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
|
||||
assertThat(adaptedProvider.getTokenUri()).isEqualTo("http://example.com/token");
|
||||
assertThat(adaptedProvider.getUserInfoEndpoint().getUri())
|
||||
.isEqualTo("http://example.com/info");
|
||||
assertThat(adaptedProvider.getUserInfoEndpoint().getAuthenticationMethod())
|
||||
.isEqualTo(
|
||||
org.springframework.security.oauth2.core.AuthenticationMethod.FORM);
|
||||
assertThat(adaptedProvider.getUserInfoEndpoint().getUserNameAttributeName())
|
||||
.isEqualTo("sub");
|
||||
assertThat(adaptedProvider.getJwkSetUri()).isEqualTo("http://example.com/jwk");
|
||||
@@ -167,6 +171,9 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
|
||||
.isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo");
|
||||
assertThat(adaptedProvider.getUserInfoEndpoint().getUserNameAttributeName())
|
||||
.isEqualTo(IdTokenClaimNames.SUB);
|
||||
assertThat(adaptedProvider.getUserInfoEndpoint().getAuthenticationMethod())
|
||||
.isEqualTo(
|
||||
org.springframework.security.oauth2.core.AuthenticationMethod.HEADER);
|
||||
assertThat(adaptedProvider.getJwkSetUri())
|
||||
.isEqualTo("https://www.googleapis.com/oauth2/v3/certs");
|
||||
assertThat(adapted.getRegistrationId()).isEqualTo("registration");
|
||||
@@ -210,6 +217,9 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
|
||||
.isEqualTo("https://www.googleapis.com/oauth2/v4/token");
|
||||
assertThat(adaptedProvider.getUserInfoEndpoint().getUri())
|
||||
.isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo");
|
||||
assertThat(adaptedProvider.getUserInfoEndpoint().getAuthenticationMethod())
|
||||
.isEqualTo(
|
||||
org.springframework.security.oauth2.core.AuthenticationMethod.HEADER);
|
||||
assertThat(adaptedProvider.getJwkSetUri())
|
||||
.isEqualTo("https://www.googleapis.com/oauth2/v3/certs");
|
||||
assertThat(adapted.getRegistrationId()).isEqualTo("google");
|
||||
@@ -334,6 +344,9 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
|
||||
.isEqualTo("https://example.com/oauth2/v3/certs");
|
||||
assertThat(providerDetails.getUserInfoEndpoint().getUri())
|
||||
.isEqualTo("https://example.com/oauth2/v3/userinfo");
|
||||
assertThat(providerDetails.getUserInfoEndpoint().getAuthenticationMethod())
|
||||
.isEqualTo(
|
||||
org.springframework.security.oauth2.core.AuthenticationMethod.HEADER);
|
||||
}
|
||||
|
||||
private String cleanIssuerPath(String issuer) {
|
||||
|
||||
@@ -3252,6 +3252,7 @@ You can register multiple OAuth2 clients and providers under the
|
||||
spring.security.oauth2.client.provider.my-oauth-provider.authorization-uri=http://my-auth-server/oauth/authorize
|
||||
spring.security.oauth2.client.provider.my-oauth-provider.token-uri=http://my-auth-server/oauth/token
|
||||
spring.security.oauth2.client.provider.my-oauth-provider.user-info-uri=http://my-auth-server/userinfo
|
||||
spring.security.oauth2.client.provider.my-oauth-provider.user-info-authentication-method=header
|
||||
spring.security.oauth2.client.provider.my-oauth-provider.jwk-set-uri=http://my-auth-server/token_keys
|
||||
spring.security.oauth2.client.provider.my-oauth-provider.user-name-attribute=name
|
||||
----
|
||||
|
||||
Reference in New Issue
Block a user